User account menu

Apache

I've begun the process of moving all the sites I host to HTTPS. I was lucky enough to get a Beta Program invitation for the Let's Encrypt project. I used their ACME client to verify domain control and issue a certificate. I was impressed by how easy the process was. The project is scheduled to move into general availability in the middle of November 2015.

I've been participating in the community support section of the LetsEncrypt.org site for a few weeks now and have seen a few issues from people trying to issue certificates who were not "technical" people. While the ACME client can do many of the technical parts of the process, such as configuring Apache, verifying the domain, getting the certificates, and reconfigure Apache to use them, the process can be kind of intimidating. One of the first issue I saw was users trying to use the ACME client to get certificates for domains the own but host on shared hosting systems. Since the ACME client requires command line access, as of now, I don't see any reasonable way for these people to use an automated certificate issuance system.

After experimenting with the system I've come up with my best practices for issuing certificates, installing them, and serving them. I'll detail my process here.

Last year I wrote an article called How to deal with (block) semalt referrer spam in your Analytics Data. This approach has been fairly successful in lowering the amount of crawler based referrer spam. As new offenders have popped up I've adjusted my Apache Vhost configurations to block more of these from appearing in my analytics data, so this article is to serve as an update to that first one.

Recently one of my application servers developed an intermittent issue where the MaraiDB instance running on it would randomly fail. Apache however would stay up, so when my original status check page was hit by the Layer7 HAProxy check, it would get a valid response from my application.

About a week ago I started seeing some intermittent issues with my primary webserver, hosting most of my personal/professional sites, along with a few of my long standing clients websites and decided it was time to rethink my infrastructure scheme. I sat down and gave some thought as to what I wanted, needed and expected.

Discliamer

Legal Stuff

This is my personal blog. The views expressed on these pages are mine alone and not those of my employer.

All data and information provided on this site is for informational purposes only. Benjamin Townsend (BenTownsend.com) makes no representations as to accuracy, completeness, currentness, suitability, or validity of any information on this site & will not be liable for any errors, omissions, or delays in this information or any losses, injuries, or damages arising from its display or use. All information is provided on an as-is basis.

Feel free to challenge me, disagree with me, or tell me I’m completely nuts in the comments section of each entry, but I reserve the right to delete any comment for any reason whatsoever (abusive, profane, rude, or anonymous comments) – so keep it polite, please.